Openvpn Security Setting Breach

Hi to everybody.
I have a question. In the past days i have call a test for my security connection with my IpFire firewall.

The report had found this potential Vulnerability:

OpenVPN Same Client Certificate Denial of Service Vulnerability (POTENZIAL) 38465
OpenVPN MAC Address Spoofing Denial of Service Vulnerability (POTENZIAL) 38464
OpenVPN Failed Authentication Denial of Service Vulnerability (POTENZIAL) 38467
OpenVPN Packet Decryption Failure Denial of Service Vulnerability (POTENZIAL) 38463

They tell me to upgrade the Openvpn to the 2.0.1 version to resolve all the error
But i found that Ipfire 2.25.146 had the 2.4.9.

There are also some setting to set to resolve?

thanks
Donatello

Hi,

In the past days i have call a test for my security connection with my IpFire firewall.

which tool were you using?

OpenVPN Same Client Certificate Denial of Service Vulnerability (POTENZIAL) 38465
OpenVPN MAC Address Spoofing Denial of Service Vulnerability (POTENZIAL) 38464
OpenVPN Failed Authentication Denial of Service Vulnerability (POTENZIAL) 38467
OpenVPN Packet Decryption Failure Denial of Service Vulnerability (POTENZIAL) 38463

Do you happen to have further information regarding them (CVE entries, or similar)?

There are also some setting to set to resolve?

What do you mean by that?

Thanks, and best regards,
Peter MĂĽller

Hi

They have used NMap, Qualys VM and Nessus

The CVE are: CVE-2005-2534, CVE-2005-2533 and CVE-2005-2531

It is a false positive or i must change some setting in IPFire Openvpn ?

thanks
Donatello

Hi all,

this should have been fixed long time ago with version --> 2005.08.16 – Version 2.0.1 --> https://openvpn.net/community-resources/changelog-for-openvpn-2-1/ or check the CVE for affected products -->
https://www.cvedetails.com/cve/CVE-2005-2531/
https://www.cvedetails.com/cve/CVE-2005-2534/
https://www.cvedetails.com/cve/CVE-2005-2533/

Best,

Erik

1 Like

Hi, i think it’s a false positive.

Thanks.
Best regard
Donatello

I suggest to change the topic name…
Anyway, @donatellogiraudo, maybe you can say to them “try to exploit the vulnerabilities”.